Copyright 2005,2006 Institute of System & Information Technologies/ KYUSHU All rights reserved.
Agenda
Background
Our Goal
Certificate-based framework of biometric authentication
One-time Biometrics
Conclusion
3/20/2012
Background
Biometric authentication is remarkable!
Based on Physical and behavioral Characteristics
Fingerprint, iris, facial image, voice, vein pattern, etc.
Background
Biometric authentication is remarkable!
Biometric systems are applied to many services.
E-passports, banking, entrance monitoring, etc.
Background
On the other hand, we need secure and reliable authentication systems for many E-services, and biometrics is one of the candidates. However, if we apply biometrics to E-services, biometrics has some weak points:
Secondary information is easy to obtain
Biometric data is irreplaceable
Our Goal
Reliable authentication on the open networks by using Biometrics
Viewpoints:
1. Certificate based framework
What do we require of a framework for a reliable biometric authentication system?
2. One-time biometrics
How do we construct secure remote biometric authentication systems, even when biometric authentication data has been compromised?
Certificate-based framework
Public Key Infrastructure (PKI) with Biometrics
Currently, this area is moving toward international standardization:
Ikeda et al.'s (Toshiba Solution) proposal: ISO/IEC JTC1/SC27/WG2
Verification of Biometric Authentication Environment, Isobe et al.'s (Hitachi) proposal: ITU-T SG17/Q8
Certificate-based framework
Assurance of anonymity in the Biometric Authentication by using Personal Repository
[Diagram: Owner (User) -- RELATION -- Personal Repository -- RELATION -- Enrolled Templates; Ownership Certificate; Template Certificate]
Certificate-based framework
A framework for verification of ownership of the PR by the VA
Assumptions: a CA that issues the ownership certificate of the PR; a trusted VA
[Diagram: Certificate Authority for User's Personal Repository; Personal Repository; Biometrics Device; Verification Authority for User's Personal Repository; Client (User); Internet; Application Server; Certificate Authority for Public Key; Certificate Authority for Template Data; Certificate Authority for Authentication Environment]
Certificate-based framework
Argument of Security
Abovementioned framework
Biometric authentication verifies that the personal repository is used by its legitimate user.
To the application server, the user is anonymous.
Only the VA can verify the identity of the user and the holder. The application server receives from the VA only the verification result about the identity. If the user colludes with the VA, this framework is not secure.
One-time Biometrics
I am currently investigating this.
However, I presented this topic at the Symposium on Cryptography and Information Security 2006 in Japan.
One-time Biometrics
We propose One-Time Transform (OTT)
OTT: a different transform in every authentication session
OTT is shared by a client and the storage of templates
OTT is applied to the extracted features and to the corresponding enrolled templates
The transformed data is used in the matching process
One-time Biometrics
[Illustration of One-Time Transform]
Candidates for OTT: recursive non-linear transforms (chaos transforms, Iterated Function Systems)
One-time Biometrics
Framework of biometrics with One-Time Transforms
Including a Function Generator which constructs OTTs
Expectation: One-Time Biometrics is easy to implement by UPDATING SOFTWARE of conventional systems
[Diagram: Time Stamp Server (Time Stamping); Function Generator (Construction of OTTs); Storage of Templates (Application of OTT); Client (Acquisition, Feature Extraction, Application of OTT)]
One-time Biometrics
Argument of Security
Assumption: the security of the OTT is assured
Hill-climbing attack: DIFFICULT, because the distance function and threshold vary with the OTT
Case 1: Adversaries eavesdrop on the communication between Client and Server. The transformed data changes in every authentication.
Case 2: Adversaries eavesdrop on the communication from the Function Generator. When the adversaries use a past OTT, Client and Storage can easily detect it.
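As an added illustration (not code from the slides), the following Python simulates the OTT exchange and Case 1 of the security argument: a Function Generator derives a per-session transform from a shared secret and a time stamp, client and storage apply it to the probe and the enrolled template, matching runs on the transformed data, and a replay of an earlier session's transformed data fails under the new OTT. The transform itself (a keyed permutation plus a keyed offset), the feature vectors, the shared secret and the threshold are assumptions; the slides' actual candidates are chaotic and iterated-function-system transforms.

```python
import hashlib
import math
import random

# Constructed sample data (not real biometric features): an enrolled template,
# a fresh probe from the same person with small sensor noise, and an impostor.
TEMPLATE = [0.12, 0.83, 0.47, 0.66, 0.29, 0.91, 0.05, 0.58]
GENUINE_PROBE = [0.10, 0.85, 0.45, 0.68, 0.31, 0.90, 0.07, 0.56]
IMPOSTOR_PROBE = [0.75, 0.20, 0.93, 0.11, 0.64, 0.38, 0.52, 0.27]
THRESHOLD = 0.2  # assumed decision threshold on Euclidean distance


def make_ott(shared_secret: bytes, timestamp: str, dim: int):
    """Function Generator: derive this session's One-Time Transform from the
    secret shared with client and storage plus the time stamp. Hypothetical
    transform (not the slides' chaotic/IFS candidates): a keyed permutation of
    coordinates followed by a keyed additive offset, both distance-preserving."""
    digest = hashlib.sha256(shared_secret + timestamp.encode()).digest()
    rng = random.Random(int.from_bytes(digest, "big"))
    perm = list(range(dim))
    rng.shuffle(perm)
    offset = [rng.randint(1, 10**6) for _ in range(dim)]
    return perm, offset


def apply_ott(ott, features):
    """Applied identically by the Client (to extracted features) and by the
    Storage of Templates (to the enrolled template)."""
    perm, offset = ott
    return [features[perm[i]] + offset[i] for i in range(len(features))]


def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def storage_match(ott, transformed_probe):
    """Matching happens in the transformed domain only; raw features never
    leave the client and the raw template never leaves the storage."""
    return distance(transformed_probe, apply_ott(ott, TEMPLATE)) <= THRESHOLD


def run_session(secret, timestamp, probe):
    """One honest session: generator -> client -> storage."""
    ott = make_ott(secret, timestamp, len(probe))
    return storage_match(ott, apply_ott(ott, probe))


def replay_attack(secret, old_ts, new_ts, probe):
    """Case 1 of the security argument: the adversary captured the transformed
    data of an earlier session and resends it unchanged under the new OTT."""
    captured = apply_ott(make_ott(secret, old_ts, len(probe)), probe)
    return storage_match(make_ott(secret, new_ts, len(probe)), captured)
```

Because the hypothetical transform is an isometry, the enrolment threshold carries over unchanged; the slides' non-linear candidates would instead require the distance function and threshold to vary with the OTT, as the security argument notes.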
Conclusion
Certificate-based Framework:
We propose the Framework of Biometric authentication on Open networks
Establishment of a Verification Authority
Assurance of the user's anonymity against the Application Server
Reduced possibility of compromising personal information
One-Time Biometrics:
We propose the One-Time Transform, which is different in every authentication session.
Resistance against Hill-Climbing Attack and Replay Attack.
Future Works
In fact, there are too many points